def test_no_bcrypt_to_bcrypt(self): user = User(username="******") with settings(BCRYPT_MIGRATE=True, BCRYPT_ROUNDS=10, BCRYPT_ENABLED_UNDER_TEST=True): user.set_password("password") old_password = user.password user.check_password("password") self.assertEqual(old_password, user.password)
def test_no_bcrypt_to_bcrypt(self): user = User(username='******') with settings(BCRYPT_MIGRATE=True, BCRYPT_ROUNDS=10, BCRYPT_ENABLED_UNDER_TEST=True): user.set_password('password') old_password = user.password user.check_password('password') self.assertEqual(old_password, user.password)
def test_no_hh_to_hh(self): user = User(username='******') with settings(HARDERHASH_MIGRATE=True, HARDERHASH_ROUNDS=10000, HARDERHASH_ENABLED_UNDER_TEST=True): user.set_password('password') old_password = user.password user.check_password('password') self.assertEqual(old_password, user.password)
def test_migrate_bcrypt_to_bcrypt(self): user = User(username="******") with settings(BCRYPT_MIGRATE=True, BCRYPT_ROUNDS=10, BCRYPT_ENABLED_UNDER_TEST=True): user.set_password("password") with settings(BCRYPT_MIGRATE=True, BCRYPT_ROUNDS=12, BCRYPT_ENABLED_UNDER_TEST=True): user.check_password("password") salt_and_hash = user.password[3:] self.assertEqual(salt_and_hash.split("$")[2], "12") self.assertEqual(User.objects.get(username="******").password, user.password)
def test_migrate_bcrypt_to_bcrypt(self): user = User(username='******') with settings(BCRYPT_MIGRATE=True, BCRYPT_ROUNDS=10, BCRYPT_ENABLED_UNDER_TEST=True): user.set_password('password') with settings(BCRYPT_MIGRATE=True, BCRYPT_ROUNDS=12, BCRYPT_ENABLED_UNDER_TEST=True): user.check_password('password') salt_and_hash = user.password[3:] self.assertEqual(salt_and_hash.split('$')[2], '12') self.assertEqual(User.objects.get(username='******').password, user.password)
def test_migrate_hh_to_hh(self): user = User(username='******') with settings(HARDERHASH_MIGRATE=True, HARDERHASH_ROUNDS=10000, HARDERHASH_ENABLED_UNDER_TEST=True): user.set_password('password') with settings(HARDERHASH_MIGRATE=True, HARDERHASH_ROUNDS=20000, HARDERHASH_ENABLED_UNDER_TEST=True): user.check_password('password') rounds_salt_hash = user.password[5:] rounds, salt, hsh = rounds_salt_hash.split("$") self.assertEqual(rounds, '20000') self.assertEqual(User.objects.get(username='******').password, user.password)
def register_user(request): if request.method == "POST": if User.check_password(request.user ,str(request.POST.get('newpw'))): request.session['cpwerror'] = 1 return HttpResponseRedirect('/firstlogin') if request.POST.get('newpw') == request.POST.get('confpw'): if not len(request.POST.get('newpw')) < 6: u = User.objects.get(username=request.user.username) u.set_password(request.POST.get('newpw')) u.save() user = auth.authenticate(username=request.user.username, password=request.POST.get('newpw')) if user is not None: auth.login(request, user) studentreg = student.objects.get(student_number=request.user.username) studentreg.signedup = True studentreg.save() print studentreg.signedup return HttpResponseRedirect('/yournest') else: request.session['cpwerror'] = 2 else: request.session['cpwerror'] = 3 else: return HttpResponseRedirect('/unauthorised') return HttpResponseRedirect('/firstlogin')
def login(request): if request.method == "POST": valid = True username = request.POST["username"] password = request.POST["password"] if username != "": try: dbResult = Users.objects.using('users_db').get(username=username) hash = User(password = dbResult.password) if not hash.check_password(password): valid = False except: valid = False else: valid = False if valid: request.session['logged'] = True request.session['username'] = username return redirect('/') else: error = "Username or Password Incorrect!" return render(request, 'login.html', { 'error' : error, 'signedIn' : loginStatus(request), 'username' : getUsername(request), }) else: return render(request, 'login.html', { 'error' : "none", 'signedIn' : loginStatus(request), 'username' : getUsername(request), })
def change(request): global error if request.method == 'POST': firstname = request.POST['firstname'] lastname = request.POST['lastname'] password = request.POST['password'] password1 = request.POST['password1'] password2 = request.POST['password2'] z= request.user.id y = User.objects.get(id=z) if User.check_password(y,password): if password1 == password2: y.set_password(password1) if firstname != "": y.first_name = firstname if lastname != "": y.last_name = lastname y.save() return redirect("/") else: error = "new password didn't match" else: error = "Old password was incorrect" error = "" return render(request, 'change_pass.html', {'error': error })
def clean_password(self): if self.username in self.users: vaild = User.check_password(User.objects.get(username=self.username),self.cleaned_data['password']) if not vaild: raise forms.ValidationError("密碼錯誤請重新輸入") return vaild
def changepw(request): #Needs optimisation if request.method == "POST": if not User.check_password(request.user, str( request.POST.get('oldpw'))): request.session['cpwerror'] = 1 return HttpResponseRedirect('/settings') else: if request.POST.get('newpw') == request.POST.get('confpw'): if not len(request.POST.get('newpw')) < 6: u = User.objects.get(username=request.user.username) u.set_password(request.POST.get('newpw')) u.save() user = auth.authenticate( username=request.user.username, password=request.POST.get('newpw')) if user is not None: auth.login(request, user) return HttpResponseRedirect('/settings') else: request.session['cpwerror'] = 2 else: request.session['cpwerror'] = 3 else: return HttpResponseRedirect('/unauthorised') return HttpResponseRedirect('/settings')
def test_password_reset(self): user = User(username='******', email='*****@*****.**') user.set_password('password') user.save() response = self.client.post(reverse('ecs.users.views.request_password_reset'), { 'email': '*****@*****.**', }) self.failUnlessEqual(response.status_code, 200) self.failUnlessEqual(self.queue_count(), 1) mimetype, message = self.get_mimeparts(self.convert_raw2message(self.queue_get(0)), "text", "html") [0] # XXX: how do we get the right url without knowing its path-prefix? (FMD1) match = re.search(r'href="https?://[^/]+(/password-reset/[^"]+)"', message) self.failUnless(match) password_reset_url = match.group(1) response = self.client.get(password_reset_url) self.failUnlessEqual(response.status_code, 200) response = self.client.post(password_reset_url, { 'new_password1': '1234', 'new_password2': '1234', }) self.failUnlessEqual(response.status_code, 200) user = User.objects.get(username='******') self.failUnless(user.check_password('1234')) response = self.client.get(password_reset_url) self.failUnlessEqual(response.status_code, 200) self.failIf('form' in response.context)
class ChangePassSerializer(serializers.Serializer): password = serializers.CharField() new_password = serializers.CharField() new_password2 = serializers.CharField() def __init__(self, user, *args, **kwargs): try: self.user = User.objects.get(pk=user.id) except User.DoesNotExist: self.user = User() super(ChangePassSerializer, self).__init__(*args, **kwargs) def validate_password(self, attrs, source): if self.user.id and not self.user.check_password(attrs['password']): raise serializers.ValidationError("Your old password was entered incorrectly. " "Please enter it again.") return attrs def validate_new_password(self, attrs, source): if self.user.id and attrs['new_password'] != attrs['new_password2']: raise serializers.ValidationError("The two password fields didn't match.") return attrs def validate(self, attrs): if not self.user.id: raise serializers.ValidationError("You have to login to change your password.") return attrs def save(self, commit=True): self.user.set_password(self.object['new_password']) if commit: self.user.save() return self.user
def make_user(username, password, email=None, request=None): try: User.objects.get(username=username) except User.DoesNotExist: # make user user = User(username=username[:30]) user.set_password(password) user.is_staff = False user.is_superuser = False user.is_active = True if email: user.email = email user.save() # Create profile if Profile: profile = Profile(user=user, display_name=username) profile.save() # Don't signal creation of test users test_users = getattr(settings, 'NANO_USER_TEST_USERS', ()) for test_user in test_users: if user.username.startswith(test_user): break else: new_user_created.send(sender=User, user=user) if request is not None: infomsg = u"You're now registered, as '%s'" % username messages.info(request, infomsg) _LOG.debug('Created user: %s/%s' % (user, user.check_password(password))) return user else: raise NanoUserExistsError, "The username '%s' is already in use by somebody else" % username
def register_user(request): if request.method == "POST": if User.check_password(request.user, str(request.POST.get('newpw'))): request.session['cpwerror'] = 1 return HttpResponseRedirect('/firstlogin') if request.POST.get('newpw') == request.POST.get('confpw'): if not len(request.POST.get('newpw')) < 6: u = User.objects.get(username=request.user.username) u.set_password(request.POST.get('newpw')) u.save() user = auth.authenticate(username=request.user.username, password=request.POST.get('newpw')) if user is not None: auth.login(request, user) studentreg = student.objects.get( student_number=request.user.username) studentreg.signedup = True studentreg.save() print studentreg.signedup return HttpResponseRedirect('/yournest') else: request.session['cpwerror'] = 2 else: request.session['cpwerror'] = 3 else: return HttpResponseRedirect('/unauthorised') return HttpResponseRedirect('/firstlogin')
def authenticate(self, request, username=None, password=None): from app.static.app.python_scripts.zabbix import Zabbix # import zabbix module from django.contrib.auth.hashers import check_password from django.contrib.auth.models import User from app.models import Person # to use models in backend if Zabbix.validate_auth(username, password): # use static method which try logging in and return boolean try: user = User.objects.get(username=username) user.set_password(password) user.save() # no need save person because when save user person saved too except User.DoesNotExist: # Create a new user. user = User(username=username, password=password) #user.is_staff = True #user.is_superuser = True # uncomment if u need django admin acces to all users user.save() # first save user, and after change person person = user.person person.login = username person.save() return user else: try: user = User.objects.get(username=username) if user.check_password(password): if user.is_superuser and user.is_staff: return user # if cant log in into zabbix but it superuser except: return None return None
def test_user(self): username = '******' password = '******' u = User(username=username) u.set_password(password) u.save() self.assertEqual(u.username, username) self.assertTrue(u.check_password(password))
def update(self, instance: User, validated_data): if not instance.check_password(validated_data['old_password']): raise serializers.ValidationError('Текущий пароль введен неверно') if validated_data['password'] != validated_data['password_confirm']: raise serializers.ValidationError('Пароли не сходятся') instance.set_password(validated_data['password']) instance.save() return instance
def check_username_pass(user, password): message = '' try: if not User.check_password(user.username, password): # La contraseña es incorrecta message = ERRORS['wrong_pass'] except Exception: message = ERRORS['wrong_username'] # El nombre de usuario es incorrecto return message
def chg_pass(request): if request.method == 'POST': pass_old = request.POST.get("pass_old") new_pass = request.POST.get("password") if User.check_password(request.user, pass_old): user = Usuario.objects.get(username=request.user) user.set_password(new_pass) user.save() return HttpResponseRedirect(reverse('sgu:logout')) else: print ("Senha incorreta") return render(request, "chg_pass.html")
def modify_password(request): user = auth.get_user(request) old_password = request.POST.get('old_password') new_password = request.POST.get('password') if User.check_password(user, old_password): User.set_password(user, new_password) User.save(user) # 重新登录 auth.login(request, user) return HttpResponse("success") return HttpResponse("error")
def usernamevalidate(request): username = request.GET.get('username', None) password = request.GET.get('password', None) # raw_pass = encode(password) user = User.objects.filter(username__iexact=username)[0] data = { 'is_taken': User.objects.filter(username__iexact=username).exists(), 'is_correct': User.check_password(user, password) } if data['is_taken']: data['error_message'] = 'A user with this username already exists.' return JsonResponse(data)
def chg_pass(request): if request.method == 'POST': pass_old = request.POST.get("pass_old") new_pass = request.POST.get("password") contexto = header(request) if User.check_password(request.user, pass_old): user = usuario.objects.get(username=request.user) user.set_password(new_pass) user.save() return HttpResponseRedirect("/logout") else: print ("Senha incorreta") contexto = header(request) return render(request, "chg_pass.html", contexto)
def test_set_pass_true(self): user = User(username='******') user.set_password('test') user.save() self.client = Client() credentials_for_login = {'username': '******', 'password': '******'} credentials_for_set_pass = {'pass': '******', 'confirm': 'test2'} self.client.post('/login/', data=credentials_for_login, follow=True) response = self.client.post('/set-pass/', data=credentials_for_set_pass, follow=True) self.assertTemplateUsed(response, template_name='ct/person.html') self.assertTrue('Your password was changed' in response.content) user = User.objects.get(username='******') self.assertTrue(user.check_password('test2'))
def ajax_savenewuser(request): 'Save new user from the simplified user addition form.' uname = request.REQUEST.get('uname') password = request.REQUEST.get('password') #new = check_password(password) new = get_hexdigest('md5', '', password) staff = request.REQUEST.get('staff') superstat = request.REQUEST.get('superstat') new_user = User(username=uname, password=new, is_staff=staff, is_superuser=superstat) new_user.save() new = new_user.check_password(password) return HttpResponse("1", mimetype="text/plain")
def myAccount(request): if request.method == "POST": valid = True error = "none" oldPassword = request.POST["oldPassword"] newPassword = request.POST["newPassword"] reNewPassword = request.POST["reNewPassword"] dbResult = Users.objects.using('users_db').get(username=getUsername(request)) hash = User(password = dbResult.password) if not hash.check_password(oldPassword): valid = False error = "Old Password is Incorrect!" else: if newPassword != reNewPassword: valid = False error = "Passwords do not match!" if valid: hash.set_password(newPassword) dbResult.password = hash.password # Location does not need specified since it's already # part of dbResult. dbResult.save() return redirect('/') else: return render(request, 'myAccount.html', { 'error' : error, 'signedIn' : loginStatus(request), 'username' : getUsername(request), }) else: if loginStatus(request): return render(request, 'myAccount.html', { 'error' : "none", 'signedIn' : loginStatus(request), 'username' : getUsername(request), }) else: return redirect('/login')
def test_password_change(self): user = User(username='******') user.set_password('test') user.save() self.client.login(username='******', password='******') url = reverse('ecs.users.views.change_password') response = self.client.get(url) self.failUnlessEqual(response.status_code, 200) response = self.client.post(url, { 'old_password': '******', 'new_password1': '1234', 'new_password2': '1234', }) self.failUnlessEqual(response.status_code, 200) self.client.logout() user = User.objects.get(username='******') self.failUnless(user.check_password('1234'))
def nuevaclave_view(request): if request.method == 'POST': user_form = cambiarClave(request.POST) if user_form.is_valid(): pass_user = user_form.cleaned_data['ClaveAntigua'] if User.check_password(request.user,pass_user): pass_nueva = user_form.cleaned_data['ClaveNueva'] pass_rep= user_form.cleaned_data['ClaveRepetida'] if pass_nueva==pass_rep: User.set_password(request.user,pass_nueva) request.user.save() messages.success(request, "Su clave ha sido actualizada satisfactoriamente") else: messages.error(request, "Sus claves no coinciden") return HttpResponseRedirect('/perfil/') else: user_form = cambiarClave() ctx = {'user_form':user_form} return render_to_response('MP/nuevaclave.html',ctx, context_instance=RequestContext(request))
def authenticate(self, user_name=None, password=None): """ check if the password is good by authenticating on jira """ jc = Jiraconnection(user_name, password) if jc.success: try: user = User.objects.get(username = user_name, is_active = True) try: user.cust_auth = jc.auth except Exception: pass return user except User.DoesNotExist: user = User(username=user_name) user.set_unusable_password() user.save() u_permissions = [ 'change_availability', 'add_jira', 'change_jira', 'change_testcaserun', 'change_testcasesteprun', ] for p in u_permissions: pm = Permission.objects.get(codename = p) user.user_permissions.add(pm) user.save() u = User.objects.get(username = user_name) u.cust_auth = jc.auth return u else: try: user = User.objects.get(username = user_name, is_active = True) if user.check_password(password): return user else: return None except Exception as detail: logging.error('an error occured : %s' % detail) return None
def test_set_pass_true(self): user = User(username='******') user.set_password('test') user.save() self.client = Client() credentials_for_login = {'username': '******', 'password': '******'} credentials_for_set_pass = {'pass': '******', 'confirm': 'test2'} self.client.post('/login/', data=credentials_for_login, follow=True) response = self.client.post( '/set-pass/', data=credentials_for_set_pass, follow=True ) self.assertTemplateUsed(response, template_name='ct/person.html') self.assertTrue('Your password was changed' in response.content) user = User.objects.get(username='******') self.assertTrue(user.check_password('test2'))
def signupForm(request): if request.method == 'POST': username = request.POST.get('username') firstname = request.POST.get('firstname') lastname = request.POST.get('lastname') email = request.POST.get('email') password = request.POST.get('password') passwordConfirm = request.POST.get('passwordConfirm') obj = User() obj.username = username obj.first_name = firstname obj.last_name = lastname obj.email = email obj.password = password obj.check_password = passwordConfirm obj.save() return redirect('/signin/') return render(request, 'cred/signup.html')
def changepw(request): #Needs optimisation if request.method == "POST": if not User.check_password(request.user ,str(request.POST.get('oldpw'))): request.session['cpwerror'] = 1 return HttpResponseRedirect('/settings') else: if request.POST.get('newpw') == request.POST.get('confpw'): if not len(request.POST.get('newpw')) < 6: u = User.objects.get(username=request.user.username) u.set_password(request.POST.get('newpw')) u.save() user = auth.authenticate(username=request.user.username, password=request.POST.get('newpw')) if user is not None: auth.login(request, user) return HttpResponseRedirect('/settings') else: request.session['cpwerror'] = 2 else: request.session['cpwerror'] = 3 else: return HttpResponseRedirect('/unauthorised') return HttpResponseRedirect('/settings')
class TestUser(TestCase): def setUp(self): self.testuser = User(username="******", email="*****@*****.**") def test_instance(self): self.assertIsInstance(self.testuser, User) def test_save_user(self): self.assertFalse(self.testuser in User.objects.all()) self.testuser.save() self.assertTrue(self.testuser in User.objects.all()) self.testuser.delete() def test_delete_user(self): self.testuser.save() self.assertTrue(self.testuser in User.objects.all()) self.testuser.delete() self.assertFalse(self.testuser in User.objects.all()) def test_pass_check(self): self.testuser.set_password('password') self.assertTrue(self.testuser.check_password('password'))
def homepage(request): context = {} if request.method == 'POST': if request.POST.get('re_password'): first_name = request.POST.get('first_name') last_name = request.POST.get('last_name') username = request.POST.get('username') email = request.POST.get('email') password = request.POST.get('password') re_password = request.POST.get('re_password') if password == re_password: user = User() user.first_name = first_name user.last_name = last_name user.username = username user.email = email user.set_password(password) user.save() else: email = request.POST.get('email') password = request.POST.get('password') try: user = User.objects.get(email=email) print("user found") if user.check_password(password): login(request, user) print("user logged in") if user.is_superuser: print("user is suuperuser") return redirect('admin_dash') else: return redirect('dashboard') else: context["error_msg"] = 'incorrect details entered' except: context["error_msg"] = 'incorrect details entered' return render(request, 'homepage.html', context)
def ldap_authenticate(username, password): """ Authenticate using ldap python-ldap must be installed http://pypi.python.org/pypi/python-ldap/2.4.6 """ import ldap user_information = None try: ldap_session = ldap.initialize(askbot_settings.LDAP_URL) ldap_session.protocol_version = ldap.VERSION3 user_filter = "({0}={1})".format(askbot_settings.LDAP_USERID_FIELD, username) # search ldap directory for user res = ldap_session.search_s(askbot_settings.LDAP_BASEDN, ldap.SCOPE_SUBTREE, user_filter, None) if res: # User found in LDAP Directory user_dn = res[0][0] user_information = res[0][1] ldap_session.simple_bind_s(user_dn, password) # <-- will throw ldap.INVALID_CREDENTIALS if fails ldap_session.unbind_s() exact_username = user_information[askbot_settings.LDAP_USERID_FIELD][0] # Assuming last, first order # --> may be different last_name, first_name = user_information[askbot_settings.LDAP_COMMONNAME_FIELD][0].rsplit(" ", 1) email = user_information[askbot_settings.LDAP_EMAIL_FIELD][0] try: user = User.objects.get(username__exact=exact_username) # always update user profile to synchronize with ldap server user.set_password(password) user.first_name = first_name user.last_name = last_name user.email = email user.save() except User.DoesNotExist: # create new user in local db user = User() user.username = exact_username user.set_password(password) user.first_name = first_name user.last_name = last_name user.email = email user.is_staff = False user.is_superuser = False user.is_active = True user.save() user_registered.send(None, user = user) log.info('Created New User : [{0}]'.format(exact_username)) return user else: # Maybe a user created internally (django admin user) try: user = User.objects.get(username__exact=username) if user.check_password(password): return user else: return None except User.DoesNotExist: return None except ldap.INVALID_CREDENTIALS, e: return None # Will fail login on return of None
def updateprofile(request): if request.method == 'POST': context= {} username=request.POST['username'] phone_number = request.POST['phone_number'] address = request.POST['address'] email=request.POST['email'] aboutyou = request.POST['bio'] cpy= request.POST['button'] usp = Userprofile.objects.get(user__id=request.user.id) psusername=usp.username paddress = usp.address pphone_number = usp.phone_number pAbout_you = usp.About_you usr = User.objects.get(id=request.user.id) pemail = usr.email if usp is not None: if cpy == 'Yes': newpass_1 = request.POST['newpassword1'] newpass_2 = request.POST['confirmpassword1'] current=request.POST['currentpassword'] check=User.check_password(usr,raw_password=current) if check: if newpass_1 != newpass_2: context["status"] = "alert-danger" context["message"] = "Password Doesn't match" return render(request, 'updateprofile.html', context) else: usr.set_password(newpass_1) usr.save(); if username == '': usp.username=psusername else: usp.username=username if phone_number == '': usp.phone_number = pphone_number else: usp.phone_number = phone_number if address == '': usp.address = paddress else: usp.address = address if email == '': usp.email = pemail else: usp.email = email if aboutyou == '': usp.About_you = pAbout_you else: usp.About_you = aboutyou usp.save(); context["status"] = "alert-success" context["message"] = "Password and Details updated" return render(request, 'updateprofile.html', context) else: context["status"] = "alert-danger" context["message"] = "Current password Doesn't match" return render(request, 'updateprofile.html', context) else: if username == '': usp.username = psusername else: usp.username = username if phone_number == '': usp.phone_number = pphone_number else: usp.phone_number = phone_number if address == '': usp.address = paddress else: usp.address = address if email == '': usr.email = pemail else: usr.email = email if aboutyou == '': usp.About_you = pAbout_you else: usp.About_you = aboutyou usp.save(); usr.save(); context["data"]=usp context["status"]="alert-success" context["message"] = "Profile Updated with out change in password" return render(request, 'updateprofile.html', context) else: context["status"] = "alert-danger" context["message"] = "Profile not found with given Details!!!!" return render(request, 'updateprofile.html', context) else: context={} data = Userprofile.objects.get(user__id=request.user.id) context["data"] = data return render(request, 'updateprofile.html', context)
def verificar_contrasena(self, contrasena): return User.check_password(contrasena)
def ldap_authenticate(username, password): """ Authenticate using ldap python-ldap must be installed http://pypi.python.org/pypi/python-ldap/2.4.6 """ import ldap user_information = None try: ldap_session = ldap.initialize(askbot_settings.LDAP_URL) #set protocol version if askbot_settings.LDAP_PROTOCOL_VERSION == '2': ldap_session.protocol_version = ldap.VERSION2 elif askbot_settings.LDAP_PROTOCOL_VERSION == '3': ldap_session.protocol_version = ldap.VERSION3 else: raise NotImplementedError('unsupported version of ldap protocol') ldap.set_option(ldap.OPT_REFERRALS, 0) #set extra ldap options, if given if hasattr(django_settings, 'LDAP_EXTRA_OPTIONS'): options = django_settings.LDAP_EXTRA_OPTIONS for key, value in options: if key.startswith('OPT_'): ldap_key = getattr(ldap, key) ldap.set_option(ldap_key, value) else: raise ValueError('Invalid LDAP option %s' % key) #add optional "master" LDAP authentication, if required master_username = getattr(django_settings, 'LDAP_USER', None) master_password = getattr(django_settings, 'LDAP_PASSWORD', None) login_name_field = askbot_settings.LDAP_LOGIN_NAME_FIELD base_dn = askbot_settings.LDAP_BASE_DN login_template = login_name_field + '=%s,' + base_dn encoding = askbot_settings.LDAP_ENCODING if master_username and master_password: login_dn = login_template % master_username ldap_session.simple_bind_s( login_dn.encode(encoding), master_password.encode(encoding) ) user_filter = askbot_settings.LDAP_USER_FILTER_TEMPLATE % ( askbot_settings.LDAP_LOGIN_NAME_FIELD, username ) email_field = askbot_settings.LDAP_EMAIL_FIELD get_attrs = [ email_field.encode(encoding), login_name_field.encode(encoding) #str(askbot_settings.LDAP_USERID_FIELD) #todo: here we have a chance to get more data from LDAP #maybe a point for some plugin ] common_name_field = askbot_settings.LDAP_COMMON_NAME_FIELD.strip() given_name_field = askbot_settings.LDAP_GIVEN_NAME_FIELD.strip() surname_field = askbot_settings.LDAP_SURNAME_FIELD.strip() if given_name_field and surname_field: get_attrs.append(given_name_field.encode(encoding)) get_attrs.append(surname_field.encode(encoding)) elif common_name_field: get_attrs.append(common_name_field.encode(encoding)) # search ldap directory for user user_search_result = ldap_session.search_s( askbot_settings.LDAP_BASE_DN.encode(encoding), ldap.SCOPE_SUBTREE, user_filter.encode(encoding), get_attrs ) if user_search_result: # User found in LDAP Directory user_dn = user_search_result[0][0] user_information = user_search_result[0][1] ldap_session.simple_bind_s(user_dn, password.encode(encoding)) #raises INVALID_CREDENTIALS ldap_session.unbind_s() exact_username = user_information[login_name_field][0] email = user_information[email_field][0] if given_name_field and surname_field: last_name = user_information[surname_field][0] first_name = user_information[given_name_field][0] elif surname_field: common_name_format = askbot_settings.LDAP_COMMON_NAME_FIELD_FORMAT common_name = user_information[common_name_field][0] first_name, last_name = split_name(common_name, common_name_format) #here we have an opportunity to copy password in the auth_user table #but we don't do it for security reasons try: user = User.objects.get(username__exact=exact_username) # always update user profile to synchronize with ldap server user.set_unusable_password() #user.first_name = first_name #user.last_name = last_name user.email = email user.save() except User.DoesNotExist: # create new user in local db user = User() user.username = exact_username user.set_unusable_password() #user.first_name = first_name #user.last_name = last_name user.email = email user.is_staff = False user.is_superuser = False user.is_active = True user.save() user_registered.send(None, user = user) log.info('Created New User : [{0}]'.format(exact_username)) return user else: # Maybe a user created internally (django admin user) try: user = User.objects.get(username__exact=username) if user.check_password(password): return user else: return None except User.DoesNotExist: return None except ldap.INVALID_CREDENTIALS, e: return None # Will fail login on return of None
def check_password(self, password): """ Currently just for debugging""" dummy = User() dummy.password = self.password return dummy.check_password(password)
def ldap_authenticate(username, password): """ Authenticate using ldap python-ldap must be installed http://pypi.python.org/pypi/python-ldap/2.4.6 """ import ldap user_information = None try: ldap_check = ldap.initialize(askbot_settings.LDAP_URL) ldap_check.protocol_version = ldap.VERSION3 if askbot_settings.USE_LDAP_BOT: ldap_check.bind_s(askbot_settings.LDAP_BOT_USERNAME, askbot_settings.LDAP_BOT_PASSWORD) user_filter = "({0}={1})".format(askbot_settings.LDAP_USERID_FIELD, username) res = ldap_check.search_s(askbot_settings.LDAP_BASEDN, ldap.SCOPE_SUBTREE, user_filter, None) if askbot_settings.USE_LDAP_BOT: ldap_check.unbind_s() if res: # User found in LDAP Directory user_dn = res[0][0] user_information = res[0][1] ldap_session = ldap.initialize(askbot_settings.LDAP_URL) ldap_session.protocol_version = ldap.VERSION3 try: ldap_session.simple_bind_s(user_dn, password) ldap_session.unbind_s() exact_username = user_information[askbot_settings.LDAP_USERID_FIELD][0] first_name = user_information[askbot_settings.LDAP_FNAME_FIELD][0] last_name = user_information[askbot_settings.LDAP_SNAME_FIELD][0] real_name = user_information[askbot_settings.LDAP_COMMONNAME_FIELD][0] email = user_information[askbot_settings.LDAP_EMAIL_FIELD][0] try: user = User.objects.get(username__exact=exact_username) # always update user profile to synchronize with ldap server user.set_password(password) user.first_name = first_name user.last_name = last_name user.real_name = real_name user.email = email user.is_staff = False user.is_superuser = False user.save() except User.DoesNotExist: # create a new local user user = User() user.username = exact_username user.set_password(password) user.first_name = first_name user.last_name = last_name user.real_name = real_name user.email = email user.is_staff = False user.is_superuser = False user.is_active = True user.save() user_registered.send(None, user = user) log.info('Created New User : [{0}]'.format(exact_username)) return user except ldap.INVALID_CREDENTIALS: return None else: # Maybe a user created internally (django admin user) try: user = User.objects.get(username__exact=username) if user.check_password(password): return user else: return None except User.DoesNotExist: return None except Exception, e: log.error("Unexpected Exception Occurred") log.exception(e) raise e return None
def check_password(self, old_passwd): self.__dict__.update( self.__class__.objects.filter(id=self.id).values('password')[0]) return DjangoUser.check_password(self, old_passwd)
class TestUsersViews(TestCase): """ Tests for checking the update/delete/change of password of users that a superuser has access to. """ def setUp(self): self.superuser = User(username='******', is_superuser=True) self.superuser.set_password('sudome') self.superuser.save() self.user = User(username='******') self.user.set_password('password') self.user.save() self.test_user = User(username='******') self.test_user.set_password('testpassword') self.test_user.save() self.url_list = '/users' self.url_create = '/user/add' self.url_edit = '/user/%s/edit' self.url_password = '******' self.c = Client() def tearDown(self): self.superuser.delete() self.user.delete() self.test_user.delete() def test_view_list_anonymous(self): """ Test users list view """ response = self.c.get(self.url_list, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') def test_view_list(self): self.assertTrue(self.c.login(username=self.user.username, password='******')) response = self.c.get(self.url_list) self.assertEqual(403, response.status_code) def test_view_list_superuser(self): self.assertTrue(self.c.login(username=self.superuser.username, password='******')) response = self.c.get(self.url_list) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'user/list.html') self.assertTemplateUsed(response, 'user/table.html') def test_view_create_get_anonymous(self): """ Test users creation view """ response = self.c.get(self.url_create, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') def test_view_create_get(self): self.assertTrue(self.c.login(username=self.user.username, password='******')) response = self.c.get(self.url_create) self.assertEqual(403, response.status_code) def test_view_create_get_superuser(self): self.assertTrue(self.c.login(username=self.superuser.username, password='******')) response = self.c.get(self.url_create) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'user/edit.html') def test_view_create_post_anonymous(self): data = { 'username': '******', 'password1': 'newpassword', 'password2': 'newpassword', 'email': '*****@*****.**', } response = self.c.post(self.url_create, data, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') self.assertFalse( User.objects.filter(username=data['username']).exists()) def test_view_create_post(self): data = { 'username': '******', 'password1': 'newpassword', 'password2': 'newpassword', 'email': '*****@*****.**', } self.assertTrue(self.c.login(username=self.user.username, password='******')) response = self.c.post(self.url_create, data, follow=True) self.assertEqual(403, response.status_code) self.assertFalse( User.objects.filter(username=data['username']).exists()) def test_view_create_post_superuser(self): data = { 'username': '******', 'password1': 'newpassword', 'password2': 'newpassword', 'email': '*****@*****.**', } self.assertTrue(self.c.login(username=self.superuser.username, password='******')) response = self.c.post(self.url_create, data) test_user = User.objects.latest('id') self.assertRedirects(response, test_user.get_absolute_url()) self.assertTrue( User.objects.filter(username=data['username']).exists()) def test_view_edit_get_anonymous(self): """ Test users edit view/form """ url = self.url_edit % self.test_user.id response = self.c.get(url, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') def test_view_edit_get(self): url = self.url_edit % self.test_user.id self.assertTrue(self.c.login(username=self.user.username, password='******')) response = self.c.get(url) self.assertEqual(403, response.status_code) def test_view_edit_get_superuser(self): url = self.url_edit % self.test_user.id self.assertTrue(self.c.login(username=self.superuser.username, password='******')) response = self.c.get(url, follow=True) self.assertEqual(200, response.status_code) # XXX why would this happen? # self.assertContains(response, self.test_user.password) self.assertContains(response, self.test_user.username) self.assertTemplateUsed(response, 'user/edit.html') def test_view_edit_post_anonymous(self): url = self.url_edit % self.test_user.id data = { 'username': self.test_user.username, 'email': '*****@*****.**', } response = self.c.post(url, data, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') usercheck = User.objects.get(id=self.test_user.id) self.assertEqual(usercheck.first_name, '') def test_view_edit_post(self): url = self.url_edit % self.test_user.id data = { 'username': self.test_user.username, 'email': '*****@*****.**', } self.assertTrue(self.c.login(username=self.user.username, password='******')) response = self.c.post(url, data, follow=True) self.assertEqual(403, response.status_code) usercheck = User.objects.get(id=self.test_user.id) self.assertEqual(usercheck.first_name, '') def test_view_edit_post_superuser(self): """ Superusers can POST new data to edit a user. """ url = self.url_edit % self.test_user.id data = { 'username': self.test_user.username, 'email': '*****@*****.**', } self.assertTrue(self.c.login(username=self.superuser.username, password='******')) response = self.c.post(url, data) usercheck = User.objects.get(id=self.test_user.id) self.assertRedirects(response, usercheck.get_absolute_url()) self.assertEqual(usercheck.email, '*****@*****.**') def test_view_delete_anonymous(self): """ Test deleting users using user_edit view """ new_user = User(id=3, username='******') new_user.save() url = self.url_edit % new_user.id response = self.c.delete(url, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') self.assertTrue(User.objects.filter(id=new_user.id).exists()) new_user.delete() def test_view_delete_user(self): new_user = User(id=3, username='******') new_user.save() url = self.url_edit % new_user.id self.assertTrue(self.c.login(username=self.user.username, password='******')) response = self.c.delete(url) self.assertEqual(403, response.status_code) self.assertTrue(User.objects.filter(id=new_user.id).exists()) new_user.delete() def test_view_delete_superuser(self): new_user = User(id=3, username='******') new_user.save() url = self.url_edit % new_user.id self.assertTrue(self.c.login(username=self.superuser.username, password='******')) response = self.c.delete(url) self.assertEqual(200, response.status_code) self.assertFalse(User.objects.filter(id=new_user.id).exists()) def test_view_password_anonymous_invalid(self): """ Test changing a users password with the user_password view """ url = self.url_password % -32 response = self.c.get(url, follow=True) self.assertEqual(404, response.status_code) def test_view_password_get_anonymous(self): url = self.url_password % self.test_user.id response = self.c.get(url, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') def test_view_password_get(self): url = self.url_password % self.test_user.id self.assertTrue(self.c.login(username=self.user.username, password='******')) response = self.c.get(url, follow=True) self.assertEqual(403, response.status_code) def test_view_password_get_superuser(self): url = self.url_password % self.test_user.id self.assertTrue(self.c.login(username=self.superuser.username, password='******')) response = self.c.get(url, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'user/password.html') def test_view_password_post_anonymous(self): url = self.url_password % self.test_user.id data = { 'new_password1': "asdfasdf", 'new_password2': "asdfasdf", } response = self.c.post(url, data, follow=True) self.assertTrue(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') self.assertTrue(self.test_user.check_password('testpassword')) def test_view_password_post_user(self): url = self.url_password % self.test_user.id data = { 'new_password1': "asdfasdf", 'new_password2': "asdfasdf", } self.assertTrue(self.c.login(username=self.user.username, password='******')) response = self.c.post(url, data, follow=True) self.assertEqual(403, response.status_code) self.assertTrue(self.test_user.check_password('testpassword')) def test_view_password_post_superuser(self): url = self.url_password % self.test_user.id data = { 'new_password1': "asdfasdf", 'new_password2': "asdfasdf", } self.assertTrue(self.c.login(username=self.superuser.username, password='******')) self.assertTrue(self.test_user.check_password('testpassword')) response = self.c.post(url, data, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'user/list.html') usercheck = User.objects.get(id=self.test_user.id) self.assertTrue(usercheck.check_password("asdfasdf"))
def check_password(self, old_passwd): self.__dict__.update(self.__class__.objects.filter(id=self.id).values('password')[0]) return DjangoUser.check_password(self, old_passwd)
def ldap_authenticate(username, password): """ Authenticate using ldap python-ldap must be installed http://pypi.python.org/pypi/python-ldap/2.4.6 """ import ldap user_information = None try: ldap_session = ldap.initialize(askbot_settings.LDAP_URL) ldap_session.protocol_version = ldap.VERSION3 user_filter = "({0}={1})".format(askbot_settings.LDAP_USERID_FIELD, username) # search ldap directory for user res = ldap_session.search_s(askbot_settings.LDAP_BASEDN, ldap.SCOPE_SUBTREE, user_filter, None) if res: # User found in LDAP Directory user_dn = res[0][0] user_information = res[0][1] ldap_session.simple_bind_s(user_dn, password) # <-- will throw ldap.INVALID_CREDENTIALS if fails ldap_session.unbind_s() exact_username = user_information[askbot_settings.LDAP_USERID_FIELD][0] # Assuming last, first order # --> may be different last_name, first_name = user_information[askbot_settings.LDAP_COMMONNAME_FIELD][0].rsplit(" ", 1) email = user_information[askbot_settings.LDAP_EMAIL_FIELD][0] try: user = User.objects.get(username__exact=exact_username) # always update user profile to synchronize with ldap server user.set_password(password) user.first_name = first_name user.last_name = last_name user.email = email user.save() except User.DoesNotExist: # create new user in local db user = User() user.username = exact_username user.set_password(password) user.first_name = first_name user.last_name = last_name user.email = email user.is_staff = False user.is_superuser = False user.is_active = True user.save() log.info('Created New User : [{0}]'.format(exact_username)) return user else: # Maybe a user created internally (django admin user) try: user = User.objects.get(username__exact=username) if user.check_password(password): return user else: return None except User.DoesNotExist: return None except ldap.INVALID_CREDENTIALS, e: return None # Will fail login on return of None
class TestUsersViews(TestCase): """ Tests for checking the update/delete/change of password of users that a superuser has access to. """ def setUp(self): self.superuser = User(username='******', is_superuser=True) self.superuser.set_password('sudome') self.superuser.save() self.user = User(username='******') self.user.set_password('password') self.user.save() self.test_user = User(username='******') self.test_user.set_password('testpassword') self.test_user.save() self.url_list = '/users' self.url_create = '/user/add' self.url_edit = '/user/%s/edit' self.url_password = '******' self.c = Client() def tearDown(self): self.superuser.delete() self.user.delete() self.test_user.delete() def test_view_list_anonymous(self): """ Test users list view """ response = self.c.get(self.url_list, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') def test_view_list(self): self.assertTrue( self.c.login(username=self.user.username, password='******')) response = self.c.get(self.url_list) self.assertEqual(403, response.status_code) def test_view_list_superuser(self): self.assertTrue( self.c.login(username=self.superuser.username, password='******')) response = self.c.get(self.url_list) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'user/list.html') self.assertTemplateUsed(response, 'user/table.html') def test_view_create_get_anonymous(self): """ Test users creation view """ response = self.c.get(self.url_create, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') def test_view_create_get(self): self.assertTrue( self.c.login(username=self.user.username, password='******')) response = self.c.get(self.url_create) self.assertEqual(403, response.status_code) def test_view_create_get_superuser(self): self.assertTrue( self.c.login(username=self.superuser.username, password='******')) response = self.c.get(self.url_create) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'user/edit.html') def test_view_create_post_anonymous(self): data = { 'username': '******', 'password1': 'newpassword', 'password2': 'newpassword', 'email': '*****@*****.**', } response = self.c.post(self.url_create, data, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') self.assertFalse( User.objects.filter(username=data['username']).exists()) def test_view_create_post(self): data = { 'username': '******', 'password1': 'newpassword', 'password2': 'newpassword', 'email': '*****@*****.**', } self.assertTrue( self.c.login(username=self.user.username, password='******')) response = self.c.post(self.url_create, data, follow=True) self.assertEqual(403, response.status_code) self.assertFalse( User.objects.filter(username=data['username']).exists()) def test_view_create_post_superuser(self): data = { 'username': '******', 'password1': 'newpassword', 'password2': 'newpassword', 'email': '*****@*****.**', } self.assertTrue( self.c.login(username=self.superuser.username, password='******')) response = self.c.post(self.url_create, data) test_user = User.objects.latest('id') self.assertRedirects(response, test_user.get_absolute_url()) self.assertTrue( User.objects.filter(username=data['username']).exists()) def test_view_edit_get_anonymous(self): """ Test users edit view/form """ url = self.url_edit % self.test_user.id response = self.c.get(url, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') def test_view_edit_get(self): url = self.url_edit % self.test_user.id self.assertTrue( self.c.login(username=self.user.username, password='******')) response = self.c.get(url) self.assertEqual(403, response.status_code) def test_view_edit_get_superuser(self): url = self.url_edit % self.test_user.id self.assertTrue( self.c.login(username=self.superuser.username, password='******')) response = self.c.get(url, follow=True) self.assertEqual(200, response.status_code) # XXX why would this happen? # self.assertContains(response, self.test_user.password) self.assertContains(response, self.test_user.username) self.assertTemplateUsed(response, 'user/edit.html') def test_view_edit_post_anonymous(self): url = self.url_edit % self.test_user.id data = { 'username': self.test_user.username, 'email': '*****@*****.**', } response = self.c.post(url, data, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') usercheck = User.objects.get(id=self.test_user.id) self.assertEqual(usercheck.first_name, '') def test_view_edit_post(self): url = self.url_edit % self.test_user.id data = { 'username': self.test_user.username, 'email': '*****@*****.**', } self.assertTrue( self.c.login(username=self.user.username, password='******')) response = self.c.post(url, data, follow=True) self.assertEqual(403, response.status_code) usercheck = User.objects.get(id=self.test_user.id) self.assertEqual(usercheck.first_name, '') def test_view_edit_post_superuser(self): """ Superusers can POST new data to edit a user. """ url = self.url_edit % self.test_user.id data = { 'username': self.test_user.username, 'email': '*****@*****.**', } self.assertTrue( self.c.login(username=self.superuser.username, password='******')) response = self.c.post(url, data) usercheck = User.objects.get(id=self.test_user.id) self.assertRedirects(response, usercheck.get_absolute_url()) self.assertEqual(usercheck.email, '*****@*****.**') def test_view_delete_anonymous(self): """ Test deleting users using user_edit view """ new_user = User(id=3, username='******') new_user.save() url = self.url_edit % new_user.id response = self.c.delete(url, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') self.assertTrue(User.objects.filter(id=new_user.id).exists()) new_user.delete() def test_view_delete_user(self): new_user = User(id=3, username='******') new_user.save() url = self.url_edit % new_user.id self.assertTrue( self.c.login(username=self.user.username, password='******')) response = self.c.delete(url) self.assertEqual(403, response.status_code) self.assertTrue(User.objects.filter(id=new_user.id).exists()) new_user.delete() def test_view_delete_superuser(self): new_user = User(id=3, username='******') new_user.save() url = self.url_edit % new_user.id self.assertTrue( self.c.login(username=self.superuser.username, password='******')) response = self.c.delete(url) self.assertEqual(200, response.status_code) self.assertFalse(User.objects.filter(id=new_user.id).exists()) def test_view_password_anonymous_invalid(self): """ Test changing a users password with the user_password view """ url = self.url_password % -32 response = self.c.get(url, follow=True) self.assertEqual(404, response.status_code) def test_view_password_get_anonymous(self): url = self.url_password % self.test_user.id response = self.c.get(url, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') def test_view_password_get(self): url = self.url_password % self.test_user.id self.assertTrue( self.c.login(username=self.user.username, password='******')) response = self.c.get(url, follow=True) self.assertEqual(403, response.status_code) def test_view_password_get_superuser(self): url = self.url_password % self.test_user.id self.assertTrue( self.c.login(username=self.superuser.username, password='******')) response = self.c.get(url, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'user/password.html') def test_view_password_post_anonymous(self): url = self.url_password % self.test_user.id data = { 'new_password1': "asdfasdf", 'new_password2': "asdfasdf", } response = self.c.post(url, data, follow=True) self.assertTrue(200, response.status_code) self.assertTemplateUsed(response, 'registration/login.html') self.assertTrue(self.test_user.check_password('testpassword')) def test_view_password_post_user(self): url = self.url_password % self.test_user.id data = { 'new_password1': "asdfasdf", 'new_password2': "asdfasdf", } self.assertTrue( self.c.login(username=self.user.username, password='******')) response = self.c.post(url, data, follow=True) self.assertEqual(403, response.status_code) self.assertTrue(self.test_user.check_password('testpassword')) def test_view_password_post_superuser(self): url = self.url_password % self.test_user.id data = { 'new_password1': "asdfasdf", 'new_password2': "asdfasdf", } self.assertTrue( self.c.login(username=self.superuser.username, password='******')) self.assertTrue(self.test_user.check_password('testpassword')) response = self.c.post(url, data, follow=True) self.assertEqual(200, response.status_code) self.assertTemplateUsed(response, 'user/list.html') usercheck = User.objects.get(id=self.test_user.id) self.assertTrue(usercheck.check_password("asdfasdf"))
def test_hashed_password(self): user = User(username='******', password=make_password('password')) self.assertIs(user.check_password('password'), True)